SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

can someone point me to the doc where you can "destroy" session after a certain amount of time, forcing the user to relogin?

You mean you want to log the user out even if they are active?

Right. So you can do that by overriding the refresh API. Start by calling the original implementation to get the session object

Then from the session object, you can get the time the session was created

If that time is before your threshold, then call the revokeSession function on the session object.

I'm going down the right path here? ```override: {
          apis: (originalImplementation) => {
            return {
              ...originalImplementation,
              refresh: async function (input) {
                if (originalImplementation.refresh === undefined) {
                  throw Error("Shouldn't hit this"); // TODO: figure this out
                }
                try {
                  const session = await originalImplementation.refresh(input);
                  console.log("Session: ", session);
                } catch (err) {
                  throw Error(err);
                }
              },```

of course that console.log(session) does nothing

Please make sure that you are using the other function. I suggest going through the node SDK reference docs. Thanks

so that should be in  SessionNode.init(),

If you want help that requires a lot of hand holding, you can start a subscription with us for dedicated support. Hope this makes sense